The authenticity and integrity of the device and the application must be verified to determine whether the application’s backends are communicating with a legitimate application running on an approved/genuine mobile device. An attestation is a technique and process leading to evidence or proof of authenticity.

Check this link to learn more about AppiCrypt, a powerful tool that provides proof of app and device integrity for backends:
https://medium.com/@talsec/mobile-api-anti-abuse-protection-appicrypt-is-a-new-safetynet-and-devicecheck-alternative-20cf7a07dfb0

John is the creator of a popular app BetterVision, for the blind and visually impaired. There is a good reason for the over 100K installations John’s creation has achieved. BetterVision can turn a phone’s camera into a powerful assistant easing a daily routine for disabled users worldwide. With success, however, soon came difficulties. John’s app suffered a cloning attack, and his In-App purchases got stolen.

Check this link:
https://medium.com/@talsec/5-things-john-learned-fighting-hackers-of-his-app-a-must-read-for-pms-and-ciso-s-463379b49410

freeRASP is a Community-driven In-App Protection and User Safety suite. Learn more about security and implement freeRASP into your app! Check the implementation guide at the end of the video.

https://www.youtube.com/watch?v=LLFOSX1c5WA

TL;DR: freeRASP improves the security and ensures the safety of your app. Like Crashlytics but for threats. Flutter, Android and iOS are all supported.

Check this link:
https://medium.com/geekculture/freerasp-in-app-protection-sdk-and-app-security-monitoring-service-de12d8e49400

I have tried to design a nonobtrusive timer app named Focus, check it out. I don’t intend to continue its development since there is no need for another Pomodoro app. The main (and only) specialty of the Focus is a text field used to specify a current goal.

I have joined a new project which is already bootstrapped with Spring Boot and Kotlin. I haven’t needed such tech stack yet, usual requirements were easily solvable by deploying the Strapi CMS and the database.

Play Store? Huawei AppGallery? Custom updater?

This article aims to answer common questions about the possibilities of android app distribution. I try to compare various ways of installation which can be interesting for non-public apps. I also examine relevant app stores to summarize their possibilities and limitations. The monetization, advertisement, and related business aspects are taken just briefly. Beware - the market situation is taken from the US/EU viewpoint. The regional situation in Russia, China, or India is beyond my knowledge.

This is not a tutorial, but a quick write-up about the simplicity of tools which can be used to publish simple single page application nowadays. I have used this approach a few times when someone asked me to build an editable table of items (i.e. upcoming events) without special requirements. I wouldn’t recommend this approach for anything more serious.

92 Keys, Falcon 9, Drawing by Ryan Joseph. Happy Sunday!

Keep an eye on attack vectors with MobSF

Your shiny new Android app is almost done and you are heading for release. Your most valuable assets are baked inside your app, yet there is one last crucial measurement your app should undertake to ensure its security.